Closed howlbot-integration[bot] closed 1 month ago
koolexcrypto changed the severity to QA (Quality Assurance)
koolexcrypto marked the issue as grade-c
This previously downgraded issue has been upgraded by koolexcrypto
koolexcrypto marked the issue as duplicate of #687
koolexcrypto marked the issue as duplicate of #687
koolexcrypto marked the issue as duplicate of #218
koolexcrypto changed the severity to QA (Quality Assurance)
Lines of code
https://github.com/code-423n4/2024-07-traitforge/blob/main/contracts/EntityForging/EntityForging.sol#L102-L175
Vulnerability details
Impact
The
forgeWithListed
function enables users to breed an owned merger token with a listed forger token by paying aforgingFee
. However, in the current implementation, any excess ETH sent by the user beyond theforgingFee
gets locked within theEntityForging
contract and cannot be recovered. To prevent this issue, any surplus ETH should be returned to themsg.sender
.Proof of Concept
Add the following test to
EntityForging.test.ts
:In this test,
user1
sends twice the requestedforgingFee
. An amount equal to theforgingFee
is split between the forger token owner and the dev fund (as intended), while the remaining amount is locked in theEntityForging
contract.Tools Used
Manual review
Recommended Mitigation Steps
There are at least 2 possibilities:
Assessed type
Other